Legal
Privacy Policy
AuditProven Compliance Systems B.V.
Last updated: April 2026
Effective: April 2026
1. Data Controller
AuditProven Compliance Systems B.V., registered in The Netherlands, is the data controller for personal data processed through the AuditProven Shield platform.
Contact: [email protected]
2. What We Collect
- Account data: Email address, full name, organization name, billing address
- Usage data: Assessment timestamps, framework selections, report generation counts, feature usage
- Technical data: IP address, browser type, device type, session duration
- Payment data: Processed by our payment provider; we do not store card numbers
3. What We Do NOT Collect
- Content of uploaded documents (processed in memory, not persisted)
- Generated report content beyond what is needed for your account access
- Biometric data, location data, or social media profiles
4. Legal Basis for Processing
- Contract performance: Account creation, assessment processing, report delivery
- Legitimate interest: Platform security, fraud prevention, service improvement
- Consent: Marketing communications (opt-in only)
5. Data Retention
- Account data: retained while account is active, deleted within 30 days of closure
- Assessment reports: Starter (30 days), Professional (until account closure), Enterprise (per contract)
- Usage logs: 12 months
- Payment records: 7 years (Dutch fiscal requirement)
6. Your Rights
Under GDPR, you have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, request data portability, object to processing, and withdraw consent. Submit requests to [email protected]. We respond within 30 days.
7. International Transfers
All data is processed and stored within the European Union. We do not transfer personal data outside the EEA unless required by your explicit instruction (e.g., delivering a report to a non-EU email address).
8. Subprocessors
We use the following subprocessors:
- Cloud hosting provider (EU region)
- Payment processor (PCI DSS Level 1 certified)
- Email delivery service (EU-based)
A current list of subprocessors is available upon request.
9. Cookies
See Cookie Policy below.
10. Changes
We will notify account holders by email of material changes to this policy at least 30 days before they take effect.
Terms of Service
Last updated: April 2026
1. Service Description
AuditProven Shield is a compliance documentation analysis and generation platform provided by AuditProven Compliance Systems B.V.
2. Account Responsibilities
You are responsible for maintaining the confidentiality of your account credentials. You are responsible for all activity under your account. You will not share API keys with unauthorized parties.
3. Acceptable Use
You will not: upload documents containing malware, attempt to reverse-engineer the platform, use the service for any illegal purpose, exceed your plan's usage limits, or represent AuditProven Shield output as legal advice.
4. Intellectual Property
The AuditProven Shield platform, knowledge graph, and template library are the intellectual property of AuditProven Compliance Systems B.V. Reports generated from your documents are your property. You grant us a limited license to process your documents for the purpose of generating your reports.
5. Disclaimers
AuditProven Shield is a documentation analysis tool. It does not provide legal, regulatory, or audit advice. Compliance determinations are ultimately the responsibility of your organization and your auditors. Reports are generated deterministically from your input documents and our knowledge graph — their accuracy depends on the completeness and accuracy of your source documents.
6. Limitation of Liability
Our total liability is limited to the fees you have paid in the twelve months preceding the claim. We are not liable for indirect, incidental, or consequential damages.
7. Termination
Either party may terminate at any time. Upon termination, your data is deleted per our retention policy. You may export your data before termination.
8. Governing Law
These terms are governed by Dutch law. Disputes will be resolved in the courts of Amsterdam, The Netherlands.
Data Processing Agreement
A Data Processing Agreement (DPA) compliant with GDPR Article 28 is available for all customers. The DPA covers:
- Scope and duration of processing
- Nature and purpose of processing
- Type of personal data and categories of data subjects
- Controller and processor obligations
- Subprocessor management
- Data subject rights assistance
- Security measures
- Breach notification procedures
- Data deletion and return
- Audit rights
To request a signed DPA, contact [email protected] with your organization name and plan type.
Enterprise customers receive a pre-signed DPA as part of onboarding.
Cookie Policy
Essential Cookies
Required for platform operation: session management, authentication state, CSRF protection. Cannot be disabled.
Analytics Cookies
Anonymous usage statistics to improve the platform. No personal identification. Opt-in only, managed through the cookie consent banner.
We Do Not Use
- Advertising cookies
- Third-party tracking cookies
- Social media cookies
- Cross-site tracking of any kind
Managing Cookies
Use the cookie preferences panel accessible from the footer of every page.
Acceptable Use Policy
AuditProven Shield is designed for legitimate compliance documentation work. The following uses are prohibited:
- Uploading documents you do not have authorization to analyze
- Using the platform to generate fraudulent compliance certifications
- Attempting to extract or reverse-engineer the compliance knowledge graph
- Automated scraping of the platform beyond authorized API usage
- Sharing API keys or account credentials
- Using the platform in violation of any applicable law
Violations may result in account suspension or termination.